2

Is it possible to run Flask (http://flask.pocoo.org/) as the standard user?

I need to run a web service on my Pi, but am not sure how safe it would be running it as a super user when it needs to be exposed to the web through my firewall.

Lewis Lebentz
  • 817
  • 4
  • 13
  • 24

1 Answers1

7

It is, you simply cannot bind to port 80 as a regular user.

There are plenty of workarounds, though. This question is a good reference: Is there a way for non-root processes to bind to "privileged" ports on Linux?

--

Usually the workaround is either to give your Flask (Python) capabilities to bind to port 80, or to simply setup an iptables rule that redirects traffic from port 80 to whatever port Flask is listening on.

Community
  • 1
  • 1
Thomas Orozco
  • 53,284
  • 11
  • 113
  • 116
  • So would it be possible to run it on a port above 1024 as a regular user? – Lewis Lebentz Jul 02 '14 at 16:41
  • @Lewis Yes, definitely. – Thomas Orozco Jul 02 '14 at 16:58
  • Also already runned server can process `uwsgi` process by socket or another port as proxy. – tbicr Jul 02 '14 at 18:56
  • @ThomasOrozco ah well that's good to know! I'll just use a higher port instead, thanks! – Lewis Lebentz Jul 03 '14 at 14:41
  • Thomas and @tbicr One more thing, is it possible to run Flask on one port but have just a simple static landing page on port 80, so I can check the webserver is running? – Lewis Lebentz Jul 03 '14 at 14:45
  • Short answer yes. Http request should know at least instance ip and port, if port listened by server other (host, path, headers, body) can be processed by this server. How server process requests depending by configuration. One thing: you cant run two or more different servers on one port, but it can be resolved as proxying. – tbicr Jul 03 '14 at 17:51